When Cybercrime Becomes a National Security Problem: The Wagenius Case

Fresh court documents are now publicly available in the case of Cameron Wagenius, known online as KiberPhant0m who we track as UNC5156. These records, related to the UNC5537 (Connor Moucka) case, reveal details regarding alleged extortion activities within the context of previously reported Snowflake-related intrusions. Wagenius, a 20-year-old U.S. Army communications specialist formerly stationed in South Korea, is implicated in the hacking incidents targeting Snowflake customers that began in early 2024.

The newly released court documents highlight several key points:

• Wagenius faces charges related to extortion and unlawful posting and transferring confidential information
• The documents detail his attempts to contact what he believed to be a foreign intelligence service to reportedly sell stolen information
• Of particular concern are his web searches, including phrases like “can hacking be treason” and inquiries about defecting to countries including Russia

This case highlights that cybercrime is often a multifaceted national security threat. Beyond the immediate implications of data breaches and extortion, the details emerging from this case, along with growing evidence of the convergence of cybercrime and state-sponsored activity, demonstrate the blurred lines between traditional cybercrime and national security concerns. To read more about why cybercrime demands attention as a national security issue, I recommend reading GTIG’s report: https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat

The relevant court documents from CourtListener are attached.